In the technology of Radio-Frequency Identification (RFID), secure authentication between the reader/writer and the electronic tag has to be fully addressed prior to secure communication. In wireless networks, the communication between mobile terminals and access points or base stations faces the same challenge, e.g., secure authentication between mobile terminals and access points in a wireless local area network (WLAN), and secure authentication between mobile terminals and base stations in a wireless metropolitan area network (WMAN).
A series of standards such as 802.11 and 802.16 have been established by the IEEE to enhance security of WLANs and WMANs, providing secure access by mobile terminals to base stations or access points. Subsequently, the standards of 802.11i and 802.16e are developed as an amendment to address security vulnerabilities in 802.11 and 802.16, respectively.
However, the inventors found in their studies that, existing two-way authentication methods are based on authentication servers, and can not realize direct two-way authentication between base stations or access points and mobile terminals. That is, to perform two-way authentication between a base station or access point and a mobile terminal, a secure channel has to be pre-established using some other security protocol between the access point or base station and an authentication server, then, the authentication server helps perform two-way authentication between the base station or access point and the mobile terminal. Any problem of the security of the secure channel may degrade the reliability of two-way authentication. Moreover, if a new base station or access point is to be added to the network system, a secure channel has to be set up manually between the base station or access point and the authentication server, which results in difficulty in extending the network system.